Security News > 2023 > January > British Cyber Agency Warns of Russian and Iranian Hackers Targeting Key Industries
The U.K. National Cyber Security Centre on Thursday warned of spear-phishing attacks mounted by Russian and Iranian state-sponsored actors for information-gathering operations.
The activity is typical of spear-phishing campaigns, where the threat actors send messages tailored to the targets, while also taking enough time to research their interests and identify their social and professional circles.
The Russian state-sponsored SEABORGIUM group has a history of establishing fake login pages mimicking legitimate defense companies and nuclear research labs to pull off its credential harvesting attacks.
The threat actor, like SEABORGIUM, is known to masquerade as journalists, research institutes, and think tanks to engage with its targets using an ever-changing arsenal of tools and tactics to accommodate IRGC's evolving priorities.
Enterprise security firm Proofpoint, in December 2022, disclosed the group's "Use of compromised accounts, malware, and confrontational lures to go after targets with a range of backgrounds from medical researchers to realtors to travel agencies," calling it a deviation from the "Expected phishing activity."
The stolen credentials are then used to log in to targets' email accounts and access sensitive information, in addition to setting up mail-forwarding rules to maintain continued visibility into victim correspondence.
News URL
https://thehackernews.com/2023/01/british-cyber-agency-warns-of-russian.html
Related news
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Russian Hackers May Have Targeted Ukrainian Telecoms with Upgraded 'AcidPour' Malware (source)
- Russian hackers target German political parties with WineLoader malware (source)
- Russian Hackers Use 'WINELOADER' Malware to Target German Political Parties (source)
- Iranian MuddyWater Hackers Adopt New C2 Tool 'DarkBeatC2' in Latest Campaign (source)
- Russian Sandworm hackers pose as hacktivists in water utility breaches (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- Iranian hackers pose as journalists to push backdoor malware (source)